[Bro] HELP!

Alex Tarter Alex.Tarter at ultra-3eti.com
Wed Aug 15 14:02:14 PDT 2012


I was wondering if you could help us out. We've been hitting our head
against the wall trying to get Bro doing what we need and we're running out
of time. We need to get a simple demo done by the end of the month that we
thought would be simple to do in Bro but is fast becoming a nightmare!

I know you guys are busy, but could you assist?

What we want to do is simple:
1. Track the amount of TCP traffic over the course of an hour and log it
2. If the amount of traffic over one hour goes above a certain amount then
raise an alarm - hopefully spawn a process to send an SNMP trap rather than
send an email
3. Record the netflow info of each connection in a log

It's that simple!

We probably sound like idiots, but for some reason we can't work out how to
do it. Anything you could do to point us in the right direction would be

If we could possibly have a telecom as well, then we'd be ecstatic :)

Much obliged, and I hope your Bro-Exchange went well
